(54) Method and device avoiding unauthorized access



(57) When a first access from an external apparatus occurs to an intelligent interconnecting device and the external apparatus is authenticated in authentication processing based on a TCP/IP protocol in the intelligent interconnecting device, the intelligent interconnecting device stores therein a source IP address of the external apparatus. When an access from an external apparatus occurs thereafter, a response to the access is permitted only when a source IP address of the external apparatus giving the access is identical with the source IP address stored in advance.
Description



[0001] The present invention relates to an interconnecting device having a packet repeating function and the like in what is called a LAN (Local Area Network) system, and more particularly to an unauthorized access avoiding method, an unauthorized access avoiding program, a recording medium in which an unauthorized access avoiding program is recorded, an intelligent interconnecting device, and a LAN system which realize security improvement and so on in what is known as an intelligent interconnecting device whose operation is controllable from outside.

[0002] What is known as a packet interconnecting device, which is represented by what is called a hub and a router, is an apparatus indispensable for configuring a LAN system, and various kinds of packet interconnecting devices having various functions in addition to basic functions have been proposed according to forms and so on of LAN systems (for example, refer to Japanese Patent Laid-open No. Hei 5-327720). In some of these interconnecting devices, what is known as management functions such as monitoring operational status and setting operation conditions of the interconnecting devices particularly through communication with external computers are provided and these interconnecting devices are generally called intelligent interconnecting devices.

[0003] In a conventional LAN system to which this intelligent interconnecting device is applied to configure the LAN system, an IP address is given to the intelligent interconnecting device and what is called TCP/IP communication processing is performed for processing communication between a managing computer and the intelligent interconnecting device so that setting, changing and the like of various operation conditions and so on of the intelligent interconnecting device are controllable by remote control from the managing computer which is connected to the LAN system. More specifically, what is called TCP/IP protocols of various kinds such as TELNET (RFC854), SNMP (RFC1157), TFTP (RFC1350), ICMP (RFC792), and HTTP (RFC1945) are selectively used according to forms of communication between the managing computer and the intelligent interconnecting device.

[0004] For example, unauthorized operation of the intelligent interconnecting device by someone other than a managing party thereof is conventionally prevented in such a manner in which log-in to the intelligent interconnecting device is made possible by the FTP (RFC765), a user identifier and a password are requested to be inputted after the log-in, and only when they are identical with a predetermined identifier and a predetermined password, the access is authenticated as an access from the managing party and the operation thereafter from this outside managing party is permitted.

[0005] However, since security for the intelligent interconnecting device is dependent only on the protocol in the above conventional structure and some of the TCP/IP protocols have no security function, the conventional structure does not always guarantee highly reliable security. In other words, taking the above conventional apparatus as an example, it does not satisfactorily guarantee security since the authentication by using the inputted user identifier and password after the log-in, which is one of the functions that the FTP has, is not a function which is specially provided from a viewpoint of preventing an unauthorized access to the intelligent interconnecting device and furthermore, it has a disadvantage that an access is easily authenticated as long as the inputted user identifier and password are identical with the predetermined user identifier and password even when the access is from a computer other than the managing computer.

[0006] It is an object of the present invention to provide an unauthorized access avoiding method in an intelligent interconnecting device, an unauthorized access avoiding program for an intelligent interconnecting device, a recording medium in which an unauthorized access avoiding program for an intelligent interconnecting device is recorded, an intelligent interconnecting device, and a LAN system which surely realize prevention of an access from a computer other than a pre-designated computer without depending on a security function of a protocol and/or which improve the security.

[0007] The above object is achieved by a method, device, LAN system, program or recording medium according to any one of the independent claims. Preferred embodiments are subject of the subclaims.

[0008] It is a further aspect of the present invention to provide an unauthorized access avoiding method in an intelligent interconnecting device, an unauthorized access avoiding program for an intelligent interconnecting device, a recording medium in which an unauthorized access avoiding program for an intelligent interconnecting device is recorded, an intelligent interconnecting device and a LAN system which realize strengthening of a security function to improve reliability only with some new functions added to existing software.

[0009] It is still another aspect of the present invention to provide an unauthorized access avoiding method in an intelligent interconnecting device, an unauthorized access avoiding program for an intelligent interconnecting device, a recording medium in which an unauthorized access avoiding program for an intelligent interconnecting device is recorded, an intelligent interconnecting device, and a LAN system which realize simplification of software for guaranteeing security.
[0010] In order to achieve the above objects and aspects of the present invention, according to a first embodiment of the present invention, there is preferably provided an unauthorized access avoiding method in an intelligent interconnecting device having a function of repeating a packet which is transmitted/received between a plurality of computers and being structured to be controllable by an external apparatus based on a TCP/IP protocol, the unauthorized access avoiding method in an intelligent interconnecting device comprising the following steps:

- when an access from an external apparatus is authenticated through execution of the TCP/IP protocol, extracting and storing a source IP address included in a packet which is transmitted from the external apparatus;

- when an access from an external apparatus occurs thereafter, judging whether or not a source IP address of the external apparatus giving the access is identical with the stored source IP address; and

- only when the source IP address of the external apparatus is judged to be identical with the stored source IP address, permitting communication thereafter between the external apparatus having the source IP address identical with the stored source IP address and the intelligent interconnecting device.

[0011] In this method, after the source IP address of the external apparatus is once authenticated through the execution of the TCP/IP protocol, the source IP address included in the packet which is transmitted from the external apparatus at the time of executing the protocol is extracted and stored so that, when some access occurs from an external apparatus thereafter whose source IP address is judged to be non-identical with the stored source IP address, the external apparatus is determined as an apparatus not to be responded to. Therefore, a conventional disadvantage that an access is permitted even with a non-identical source IP address as long as a user identifier and a password thereof are identical with a predetermined identifier and a predetermined password is surely eliminated. Consequently, security is further improved with a simple structure compared with a conventional method.

[0012] According to a second embodiment of the present invention, an unauthorized access avoiding program which is executed in an intelligent interconnecting device having a function of repeating a packet which is transmitted/received between a plurality of computers and being structured to be controllable by an external apparatus based on a TCP/IP protocol is provided, the unauthorized access avoiding program for an intelligent interconnecting device comprising the following steps:

- a first step of causing the intelligent interconnecting device to judge whether or not a first access to the intelligent interconnecting device from outside has occurred;

- a second step of causing the intelligent interconnecting device to carry out authentication processing by using a user identifier and a password based on the TCP/IP protocol when it is judged in the first step that the first access from outside has occurred;

- a third step of causing the intelligent interconnecting device to judge after the authentication processing in the second step whether or not authentication is given;

- a fourth step of determining an authenticated external apparatus as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to judge whether or not this access is the first access, when it is judged in the third step that the authentication is given;

- a fifth step of causing the intelligent interconnecting device to extract and store a source IP address included in a packet which is received from the external apparatus in the authentication processing when this access of the external apparatus is judged to be the first access in the fourth step;

- a sixth step of determining the external apparatus as an apparatus not to be responded to thereafter by the intelligent interconnecting device when the external apparatus is judged not to be authenticated in the third step;

- a seventh step of causing the intelligent interconnecting device to judge whether or not the source IP address of the external apparatus giving the access thereto is identical with the stored source IP address when this access is judged not to be the first access in the first step;

- an eighth step of determining the external apparatus whose source IP address is judged to be identical with the stored source IP address as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to process the steps beginning from the second step when the source IP address of the external apparatus is judged to be identical with the stored source IP address in the seventh step; and

- a ninth step of determining the external apparatus whose source IP address is judged to be non-identical with the stored source IP address as an apparatus not to be responded to thereafter by the intelligent interconnecting device when the source IP address of the external apparatus is judged to be non-identical with the stored source IP address in the seventh step.

[0013] This structure is particularly appropriate for carrying out the unauthorized access avoiding method in an intelligent interconnecting device in the first embodiment of the present invention and is realizable, for example, by what is called a microcomputer, or a circuit and software having functions equivalent thereto.

[0014] According to a third embodiment of the present invention, a recording medium in which a computer readable unauthorized access avoiding program which is executed in an intelligent interconnecting device having a function of repeating a packet which is transmitted/received between a plurality of computers and being structured to be controllable by an external apparatus based on a TCP/IP protocol is recorded is provided, wherein the unauthorized access avoiding program comprises the following steps:

- a first step of causing the intelligent interconnecting device to judge whether or not a first access to the intelligent interconnecting device from outside has occurred;

- a second step of causing the intelligent interconnecting device to carry out authentication processing by using a user identifier and a password based on the TCP/IP protocol when it is judged in the first step that the first access from outside has occurred;

- a third step of causing the intelligent interconnecting device to judge after the authentication processing in the second step whether or not authentication is given;

- a fourth step of determining an authenticated external apparatus as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to judge whether or not this access is the first access, when it is judged in the third step that the authentication is given;

- a fifth step of causing the intelligent interconnecting device to extract and store a source IP address included in a packet which is received from the external apparatus in the authentication processing when this access of the external apparatus is judged to be the first access in the fourth step;

- a sixth step of determining the external apparatus as an apparatus not to be responded to thereafter by the intelligent interconnecting device when the external apparatus is judged not to be authenticated in the third step;

- a seventh step of causing the intelligent interconnecting device to judge whether or not the source IP address of the external apparatus giving the access thereto is identical with the stored source IP address when this access is judged not to be the first access in the first step;

- an eighth step of determining the external apparatus whose source IP address is judged to be identical with the stored source IP address as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to process the steps beginning from the second step when the source IP address of the external apparatus is judged to be identical with the stored source IP address in the seventh step; and

- a ninth step of determining the external apparatus whose source IP address is judged to be non-identical with the stored source IP address as an apparatus not to be responded to thereafter by the intelligent interconnecting device when the source IP address of the external apparatus is judged to be non-identical with the stored source IP address in the seventh step.

[0015] According to a fourth embodiment of the present invention, an intelligent interconnecting device having a function of repeating a packet which is transmitted/received between a plurality of computers and being structured to be controllable by an external apparatus based on a TCP/IP protocol is provided, the intelligent interconnecting device comprising the following:

- a LAN trunk line interfacing section having an interface function with a LAN trunk line;

- a port interfacing section having an interface function with a terminal connected thereto;

- a storage section for storing a program and data therein; and

- a central controlling section for controlling operations of the LAN trunk line interfacing section, the port interfacing section, and the storage section,

and wherein the central controlling section processes the following:

- when an access from an external apparatus is authenticated through execution of the TCP/IP protocol, to extract a source IP address included in a packet which is transmitted from the external apparatus and store it in the storage section;

- when an access from an external apparatus occurs thereafter, to judge whether or not a source IP address of the external apparatus giving the access is identical with the stored source IP address; and

- only when the source IP address is judged to be identical with the stored source IP address, to permit communication thereafter with the external apparatus having the source IP address identical with the stored source IP address.

EP 1 274 212 A1

[0016] Further details, aspects and advantages will be explained with reference to the enclosed drawings. The drawings show:

FIG. 1: a schematic view showing a structure example of a LAN system according to an embodiment of the present invention;

FIG. 2: a schematic view showing a structure example of an intelligent interconnecting device which is used in the LAN system shown in FIG. 1;

FIG. 3: a subroutine flow chart showing a processing procedure in a first example of unauthorized access avoiding processing executed by the intelligent interconnecting device shown in FIG. 2; and

FIG. 4: a subroutine flow chart showing a processing procedure in a second example of unauthorized access avoiding processing executed by the intelligent interconnecting device shown in FIG. 2.

[0017] Embodiments of the present invention are explained in detail below with reference to the attached drawings.

[0018] It is to be understood that members, arrangements, and so on which are explained below are not restrictive of the present invention and various improvements and modifications may be made within the scope and spirit of the present invention.

[0019] First, the structure of a LAN system to which an intelligent interconnecting device according to an embodiment of the present invention is applied to configure the LAN system is explained with reference to FIG. 1.

[0020] What are called personal computers 2 as a plurality of terminals and a LAN trunk line 3 are connected to an intelligent interconnecting device 1 in this LAN system. To the LAN trunk line 3, at least a managing computer 4 is connected and furthermore, a different network 5 may also be connected. The managing computer 4, which is connected directly to the LAN trunk line 3 in this structure, may alternatively be connected to the LAN trunk line 3 via the different network 5.

[0021] Incidentally, the managing computer 4 may also work as a server or alternatively, the server may be provided separately in addition to the managing computer 4.

[0022] The intelligent interconnecting device 1 has operations and functions which are controllable from outside as well as a packet interconnecting capability.

[0023] FIG. 2 shows a structure example of the intelligent interconnecting device 1. The structure thereof and so forth are explained below with reference to FIG. 2.

[0024] The intelligent interconnecting device 1 comprises a central controlling section 6, a LAN trunk line interfacing section (shown as 'B-I/F' in FIG. 2) 7, a port interfacing section (shown as 'P-I/F' in FIG. 2) 8, and a storage section 9, which are connected with one another via a common internal bus 10. This structure is not basically different from that of a conventional apparatus except that the central controlling section 6 performs unauthorized access avoiding processing, which is described later.

[0025] The central controlling section 6 performs operation control of the whole intelligent interconnecting device 1 in this structure and particularly, in the embodiment of the present invention, executes the later described unauthorized access avoiding processing.

[0026] The LAN trunk line interfacing section 7 interfaces the intelligent interconnecting device 1 with the LAN trunk line 3 and the port interfacing section 8 interfaces the intelligent interconnecting device 1 with the personal computers 2 as terminals.

[0027] The storage section 9 stores therein various programs to be executed by the central controlling section 6 and also stores data therein which is given thereto and is to be sent out therefrom via the LAN trunk line interfacing section 7 and the port interfacing section 8. The storage section 9 has a storage area whose storage content is not erased even when the power supply is cut off and a storage area whose storage content is erased when the power supply is cut off so that data is selectively stored in the respective areas according to its use and so on. The storage section 9, which is realizable by a generally known storage element and therefore is not explained in detail, is appropriately structured, for example, by using a hard disk and the like as well as a semiconductor memory such as what is called a RAM and a ROM, and the like.

[0028] Note that, according to the embodiment of the present invention, a TCP/IP protocol is stored in the area of the storage section 9 whose storage content is not erased even when the power supply is cut off, and it is executed by the central controlling section 6 when necessary. Incidentally, among various TCP/IP protocols, any TCP/IP protocol may be used as long as it is appropriate for executing the unauthorized access avoiding processing, which is described later, and more specifically as long as it carries out what is known as authentication processing by using a user identifier and a password.

[0029] Moreover, in the storage section 9, an IP address given in advance to the intelligent interconnecting device 1, and a user identifier (ID) and a password necessary for authentication of an access from an external apparatus based on the TCP/IP protocol are stored in advance in the area whose content is not erased even when the power supply is cut off.

[0030] A first example of the unauthorized access avoiding processing executed by the central controlling section 6 is explained next with reference to FIG. 3.

[0031] To explain first, it is premised that the unauthorized access avoiding processing is executed as one step of subroutine processing in main routine processing executed in the central controlling section 6.

[0032] When the central controlling section 6 starts the processing, it is first judged whether or not an access from outside has occurred to the intelligent interconnecting device 1 (refer to a step S100 in FIG. 3). When it is judged that the access from outside has occurred (YES), the procedure proceeds to a next step S102. Meanwhile, when it is judged in the step S100 that no access from outside has occurred (NO), this subroutine processing is once finished, the procedure returns to the main routine processing (not shown), and this subroutine processing is started again after predetermined processing of the main routine processing.

[0033] Then, in the step S102, it is judged whether or not the access to the intelligent interconnecting device 1 from outside is a first access. When the access is judged to be the first access (YES), the procedure proceeds to a next step S110. Meanwhile, when the access is not judged to be the first access (NO), the procedure proceeds to a later described step S104.

[0034] In the step S110, a user identifier (ID) and a password are demanded from an external apparatus giving the access to the intelligent interconnecting device 1 from outside (for example, the managing computer 4) and inputs of the user identifier and the password are received.

[0035] Then, authentication processing for the inputted user identifier and password is performed (refer to a step S112 in FIG. 3).

[0036] Here, the steps S110 and S112 are processed through execution of the generally known TCP/IP protocol. In other words, the TCP/IP protocol, which is premised to be provided in the intelligent interconnecting device 1 according to the embodiment of the present invention, as is explained above in the structure explanation, is appropriately a TCP/IP protocol, in particular, capable of executing the authentication processing by using a user identifier and a password. As such a TCP/IP protocol, for example, TELNET is available. An explanation of a detailed processing procedure of this protocol is omitted here.

[0037] Then, after the authentication processing (refer to the step S112 in FIG. 3) is over, it is judged whether or not the authentication is given (refer to a step S114 in FIG. 3). Here, 'the authentication is given' means that the user identifier and the password are identical with those set in advance in the storage section 9 and the external apparatus giving the access is authenticated. 'The authentication is not given' means that the user identifier and the password are non-identical with those set in advance in the storage section 9 and the external apparatus giving the access is not authenticated.



[0038] When it is judged in the step S114 that the authentication is not given, that is, the external apparatus is not authenticated (NO), a response to the external apparatus is determined to be unallowable (refer to a step S122 in FIG. 3), a series of the subroutine processing is finished, and the procedure returns to the main routine processing for the time being. Then, in the main routine processing, processing for a case in which the response to the external apparatus is determined to be unallowable is performed according to the provided TCP/IP protocol.

[0039] Meanwhile, when it is judged in the step S114 that the authentication is given (YES), the response to the access from the external apparatus is determined to be allowable (refer to a step S116 in FIG. 3) and then, it is judged whether or not the procedure so far is the procedure for the first access from the external apparatus (refer to a step S118 in FIG. 3). Then, when the access from the external apparatus is judged to be the first access (YES), the procedure proceeds to a step S120 described next. Meanwhile, when the access is not judged to be the first access (NO), a series of the subroutine processing is finished and the procedure returns to the main routine processing since processing in the step S120 described next has already been carried out for the access and need not be repeated again.

[0040] In the processing of the step S120, an IP address of a source (the external apparatus) included in a packet which is transmitted from the external apparatus (hereinafter, referred to as a 'source IP address') is extracted and stored in a predetermined area of the storage section 9 (refer to the step S120 in FIG. 3). Note that the storage area for the source IP address in this case is appropriately an area whose storage content is not erased even when the power supply is cut off.

[0041] After the processing of the step S120 is over, a series of the subroutine processing is finished and the procedure returns to the main routine. Then, in the main routine processing, the processing for a case in which the response to the external apparatus is determined to be allowable is carried out according to the provided TCP/IP protocol.

[0042] Meanwhile, when it is judged in the aforesaid step S102 that the access is not the first access and the procedure proceeds to a step S104, it is judged whether or not the source IP address of the external apparatus (for example, the managing computer 4) giving the access is identical with a source IP address stored in the storage section 9 in advance. Incidentally, the source IP address of the external apparatus is recognizable when the source IP address included in a generally known form in the packet which is transmitted to the intelligent interconnecting device 1 from the external apparatus is extracted.

[0043] Then, when it is judged in the step S104 that the source IP address is identical with the stored source IP address (YES), the response to the external apparatus giving the access is determined to be allowable and the procedure proceeds to the processing of the aforesaid step S110 (refer to the step S106 in FIG. 3). Meanwhile, when it is judged in the step S104 that the source IP address is non-identical with the stored source IP address (NO), the response to the external apparatus is determined to be unallowable, a series of the subroutine processing is finished, and the procedure returns to the main routine (refer to a step S108 in FIG. 3). In the main routine processing, processing for a case in which the response to the external apparatus is determined to be unallowable is performed according to the provided TCP/IP protocol.

[0044] A second example of the unauthorized access avoiding processing which is executed by the central controlling section 6 is explained next with reference to FIG. 4. Note that the same processing as that shown in FIG. 3 is given the same numerals and signs and is not explained in detail. The following explanation focuses mainly on what is different from the processing shown in FIG. 3.

[0045] To summarize the content of the unauthorized access avoiding processing in the second example first, in the structure based on the unauthorized access avoiding processing in the first example shown in FIG. 3, a valid period is set for the source IP address of the external apparatus whose access is to be accepted and moreover, the source IP address which is not identical with the stored one is stored in an unauthorized access IP list and notified to a managing apparatus.

[0046] Specific explanation is given below with reference to FIG. 4. A subroutine processing shown in FIG. 4 is different from the subroutine processing shown in FIG. 3 in that steps S105, S109a, S109b are provided. The other processing content is the same as that in the subroutine processing shown in FIG. 3 and therefore, only processing content in these newly provided steps is explained below.

[0047] First, when the source IP address of the external apparatus (for example, the managing computer 4) giving the access is judged in the step S104 to be identical with the source IP address which is stored in the storage section 9 in advance (YES), it is judged whether or not this source IP address is within the valid period (refer to the step S105 in FIG. 4). In other words, the source IP address of the external apparatus whose access to the intelligent interconnecting device 1 is permitted is stored in the predetermined area of the storage section 9 as described above and the valid period is determined when the source IP address of the external apparatus is first stored. In the step S105, it is judged whether or not the source IP address is within the valid period. Incidentally, time lapse from the time of storing the source IP address needs to be recognized in order to judge whether or not it is within the valid period, which is made possible when what is known as a calendar function or clock function is executed through generally known software processing in the central controlling section 6.



[0048] Then, when the source IP address is judged in the step S105 to be within the valid period (YES), the response to the external apparatus giving the access is determined to be allowable and the procedure proceeds to the processing of the step S110 (refer to the step S106 in FIG. 4).

[0049] Meanwhile, when it is judged in the step S104 that the source IP address is non-identical with the stored source IP address, or in the step S105 that it is not within the valid period, in other words, that the valid period has expired, the response to the external apparatus is determined to be unallowable (refer to the step S108 in FIG. 4) and the source IP address of the external apparatus which is judged to be non-identical with the stored source IP address or not to be within the valid period in the judgment in the step S104 or the step S105 is registered in the unauthorized access IP list (refer to the step S109a in FIG. 4). In short, when an access to the intelligent interconnecting device 1 from outside occurs and a source IP address of the external apparatus giving the access is judged to be non-identical with the stored source IP address in the step S104, the source IP address which is judged to be non-identical is stored in sequence in the unauthorized access IP list, which is provided in a predetermined area of the storage section 9 to register therein the source IP address which is judged to be non-identical with the stored source IP address.
[0050] In order to notify the managing computer 4 of the source IP address which is judged to be non-identical with the stored source IP address, this source IP address is then transmitted as a predetermined packet to the managing computer 4 via the LAN trunk line interfacing section 7 (refer to the step S109b in FIG. 4). After the processing of the step S109b, the procedure returns to the main routine processing and the processing for the case in which the response to the external apparatus is determined to be unallowable is performed according to the provided TCP/IP protocol.
[0051] Incidentally, the source IP address which is judged to be non-identical with the stored source IP address is stored (refer to the step S109a in FIG. 4) and notified to the managing computer 4 (refer to the step S109b in FIG. 4) in the above second example, but only either one of the storage and the notification may be carried out.
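
The source IP gate of the second example (steps S104 to S109b in FIG. 4), written out as an added C example that is not code from the patent. All type and function names, the list capacity, the overwrite-oldest policy when the list is full, the half-open valid period and the fail-closed handling of a clock that runs backwards are assumptions; the addresses are constructed from documentation ranges.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define UNAUTH_LIST_MAX 4   /* assumed capacity of the unauthorized access IP list */

typedef enum { ACCESS_ALLOW, ACCESS_DENY } access_t;
typedef void (*notify_fn)(uint32_t src_ip, void *ctx);  /* stands in for the packet of S109b */

typedef struct {
    bool      bound;        /* true once a first authenticated access stored an address */
    uint32_t  stored_ip;    /* source IP address held in the storage section */
    time_t    stored_at;    /* time of storing; start of the valid period */
    time_t    valid_secs;   /* length of the valid period, in seconds */
    uint32_t  unauth[UNAUTH_LIST_MAX];
    size_t    unauth_total; /* registrations so far; the list keeps the newest entries */
    notify_fn notify;
    void     *notify_ctx;
} access_ctl;

/* Hypothetical notification sink: remembers what the managing computer was told. */
typedef struct { uint32_t last_ip; unsigned count; } notify_log;

static void record_notify(uint32_t src_ip, void *ctx)
{
    notify_log *log = ctx;
    log->last_ip = src_ip;
    log->count++;
}

static uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

static void access_ctl_init(access_ctl *ac, time_t valid_secs, notify_fn fn, void *ctx)
{
    ac->bound = false;
    ac->stored_ip = 0;
    ac->stored_at = 0;
    ac->valid_secs = valid_secs;
    ac->unauth_total = 0;
    ac->notify = fn;
    ac->notify_ctx = ctx;
}

/* Call after the first access has passed user identifier/password authentication. */
static void access_ctl_bind(access_ctl *ac, uint32_t src_ip, time_t now)
{
    if (ac->bound)
        return;             /* only the first authenticated access sets the address */
    ac->stored_ip = src_ip;
    ac->stored_at = now;    /* the valid period is determined when the address is stored */
    ac->bound = true;
}

/* ACCESS_ALLOW means "continue to authentication"; ACCESS_DENY means "do not respond". */
static access_t access_ctl_check(access_ctl *ac, uint32_t src_ip, time_t now)
{
    if (!ac->bound)
        return ACCESS_ALLOW;                    /* first access: nothing stored yet */

    bool same = (src_ip == ac->stored_ip);      /* S104 */
    bool in_period = same                       /* S105; a clock earlier than stored_at fails closed */
        && now >= ac->stored_at
        && (now - ac->stored_at) < ac->valid_secs;
    if (in_period)
        return ACCESS_ALLOW;                    /* S106 */

    /* S108: response unallowable. S109a: register, overwriting the oldest entry when full. */
    ac->unauth[ac->unauth_total % UNAUTH_LIST_MAX] = src_ip;
    ac->unauth_total++;
    if (ac->notify)
        ac->notify(src_ip, ac->notify_ctx);     /* S109b */
    return ACCESS_DENY;
}

int main(void)
{
    notify_log log = {0, 0};
    access_ctl ac;
    uint32_t mgr = ip4(192, 0, 2, 10);          /* constructed managing computer address */
    uint32_t other = ip4(198, 51, 100, 7);      /* constructed second source address */

    access_ctl_init(&ac, 3600, record_notify, &log);
    access_ctl_check(&ac, mgr, 1000);           /* first access reaches authentication */
    access_ctl_bind(&ac, mgr, 1000);            /* authentication succeeded: store the address */

    printf("manager, in period : %s\n", access_ctl_check(&ac, mgr, 2000) == ACCESS_ALLOW ? "allow" : "deny");
    printf("other source       : %s\n", access_ctl_check(&ac, other, 2000) == ACCESS_ALLOW ? "allow" : "deny");
    printf("manager, expired   : %s\n", access_ctl_check(&ac, mgr, 4600) == ACCESS_ALLOW ? "allow" : "deny");
    printf("listed=%zu notified=%u\n", ac.unauth_total, log.count);
    return 0;
}
```

Passing the current time in as a parameter keeps the valid-period judgment testable without the device's clock function.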

[0052] Furthermore, the explanations of both the first and second examples are made on the premise that only one source IP address is stored in the intelligent interconnecting device 1 for the external apparatus whose access is permitted, but it is not restrictive that only one source IP address is set and a plurality of them may of course be set.

[0053] When the intelligent interconnecting device 1 is structured to be operable under an SNMP (Simple Network Management Protocol) which is a network control protocol in a TCP/IP network, that is, when the intelligent interconnecting device 1 is provided with an SNMP agent and, for example, the managing computer 4 and other computers are also provided with the SNMP manager, a source IP address of the managing computer 4 is stored in the intelligent interconnecting device 1 as managing apparatus information in order to limit a transmission destination of an event notice (Trap) from the intelligent interconnecting device 1 to a specific computer, for example, only the managing computer 4 so that the Trap is transmitted only to the managing computer 4 and thereby careless spread of information can be prevented.

[0054] Furthermore, the authentication processing in 
the steps S110, S112 in FIG. 3 and FIG. 4 may be, for 
example, enciphered to improve security. 
[0055] The explanation of the above structure exam- 
ple is made on the premise that the unauthorized access 
avoiding program for an intelligent interconnecting de- 
vice to be executed by the central controlling section 6 
is stored in a nonvolatile semiconductor memory consti- 
tuting a part of the storage section 9 which works as a 
recording medium of the program and is executed by being read in the central controlling section 6 from the
semiconductor memory, but the use of the semiconductor
memory is not of course restrictive. 
[0056] More specifically, a flexible disk, a CD-ROM, 
an optical recording medium such as a DVD and a PD, 
a magneto-optic recording medium such as an MD, a 
magnetic recording medium, and the like may be used 
as a recording medium other than the semiconductor 
memory. Incidentally, special apparatus for reading and 
writing data are required for some of these recording 
media and the storage section 9 may of course be con- 
stituted by including these apparatus. 
[0057] As described above, according to the present 
invention, the source IP address of the managing com- 
puter is extracted and stored from a packet which is re- 
ceived through the execution processing of the existing 
TCP/IP protocol and communication with an external 
apparatus having an IP address other than the stored 
source IP address is not allowed thereafter, which brings
about an effect that security, which is not sufficiently se- 
cured in a conventional authentication processing by the 
TCP/IP protocol, is further improved and a system with 
high reliability can be provided compared with a conven- 
tional example. 

[0058] Moreover, the authentication processing by 
the TCP/IP protocol is carried out after the source IP 
address is judged to be identical with the stored source 
IP address and therefore, sufficient security is main- 
tained in an intelligent interconnecting device in which 
TCP/IP protocols of various kinds are provided by exe- 
cuting the authentication processing by one of these 
protocols. Thereby, the authentication processing by the 
individual protocols can be omitted. This brings about 
an effect that software load can be reduced. 
[0059] Furthermore, a response to an access by a 
broadcast can be restricted. This makes it difficult for an 
outside intruder to recognize the existence of an apparatus to be managed, in other words, the intelligent
interconnecting device to be managed by the managing
computer, so that security is further improved compared 
with the conventional example. 
[0060] In addition, the user identifier and the password, which are conventionally prepared for each
protocol, can be integrated. This brings about an effect that
software is allowed to be simplified. 



Claims

1. An unauthorized access avoiding method in an intelligent interconnecting device having a function of repeating a packet which is transmitted/received between a plurality of computers and being structured to be controllable by an external apparatus based on a TCP/IP protocol, wherein the method device comprises the steps of:

extracting and storing a source IP address included in a packet which is transmitted from an external apparatus when an access from the external apparatus is authenticated through execution of the TCP/IP protocol;

judging, when an access from an external apparatus occurs thereafter, whether or not a source IP address of the external apparatus giving the access is identical with the stored source IP address; and

permitting communication thereafter between the external apparatus having the source IP address identical with the stored transmitting end IP address and the intelligent interconnecting device only when the source IP address of the external apparatus is judged to be identical with the stored source IP address.

2. Method according to claim 1, characterized in that the method further comprises the step of registering the source IP address of the external apparatus which is judged to be non-identical in an unauthorized access IP list when the source IP address is judged to be non-identical with the stored source IP address.

3. Method according to claim 1 or 2, characterized in that the method further comprises the step of notifying an authenticated managing computer of the source IP address of the external apparatus which is judged to be non-identical when the source IP address is judged to be non-identical with the stored source IP address.

4. Method according to any one of the preceding claims, characterized in that the method further comprises the steps of:

judging whether or not the source IP address which is judged to be identical with the stored source IP address is within a valid period set in advance when the source IP address is judged to be identical with the stored source IP address, and

permitting communication thereafter between the external apparatus having the source IP address which is judged to be within the valid period and the intelligent interconnecting device only when the source IP address of the external apparatus is judged to be within the valid period.

5. An unauthorized access avoiding program which is executed in an intelligent interconnecting device having a function of repeating a packet which is transmitted/received between a plurality of computers and being structured to be controllable by an external apparatus based on a TCP/IP protocol, wherein the program comprises:

a first step of causing the intelligent interconnecting device to judge whether or not a first access to the intelligent interconnecting device from outside has occurred;

a second step of causing the intelligent interconnecting device to carry out authentication processing by using a user identifier and a password based on the TCP/IP protocol when it is judged in said first step that the first access from outside has occurred;

a third step of causing the intelligent interconnecting device to judge after the authentication processing in said second step whether or not authentication is given;

a fourth step of determining an authenticated external apparatus as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to judge whether or not this access is the first access, when it is judged in said third step that the authentication is given;

a fifth step of causing the intelligent interconnecting device to extract and store a source IP address included in a packet which is received from the external apparatus in the authentication processing when this access of the external apparatus is judged to be the first access in said fourth step;

a sixth step of determining the external apparatus as an apparatus not to be responded to thereafter by the intelligent interconnecting device when the external apparatus is judged not to be authenticated in said third step;

a seventh step of causing the intelligent inter- 
connecting device to judge whether or not the 
source IP address of the external apparatus 
giving the access thereto is identical with the 
stored source IP address when this access is 
judged not to be the first access in said first 
step; 

an eighth step of determining the external ap- 
paratus whose source IP address is judged to 
be identical with the stored source IP address 
as an apparatus to be responded to thereafter 
by the intelligent interconnecting device and 
causing the intelligent interconnecting device 
to process the steps beginning from said sec- 
ond step, when the source IP address of the 
external apparatus is judged to be identical with 
the stored source IP address in said seventh 
step; and 

a ninth step of determining the external appa- 
ratus whose source IP address is judged to be 
non-identical with the stored source IP address 
as an apparatus not to be responded to there- 
after by the intelligent interconnecting device 
when the source IP address of the external ap- 
paratus is judged to be non-identical with the 
stored source IP address in said seventh step. 

6. An unauthorized access avoiding program which is 
executed in an intelligent interconnecting device 
having a function of repeating a packet which is 
transmitted/received between a plurality of comput- 
ers and being structured to be controllable by an 
external apparatus based on a TCP/IP protocol, 
preferably according to claim 5, wherein the pro- 
gram comprises: 

a first step of causing the intelligent intercon- 
necting device to judge whether or not a first 
access to the intelligent interconnecting device 
from outside has occurred; 

a second step of causing the intelligent inter- 
connecting device to carry out authentication 
processing by using a user identifier and a 
password based on the TCP/IP protocol when 
it is judged in said first step that the first access 
from outside has occurred; 

a third step of causing the intelligent interconnecting device to judge after the authentication processing in said second step whether or not authentication is given;

a fourth step of determining an authenticated external apparatus as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to judge whether or not this access is the first access, when it is judged in said third step that the authentication is given;

a fifth step of causing the intelligent interconnecting device to extract and store a source IP address included in a packet which is received from the external apparatus in the authentication processing when this access of the external apparatus is judged to be the first access in said fourth step;

a sixth step of determining the external apparatus as an apparatus not to be responded to thereafter by the intelligent interconnecting device when the external apparatus is judged not to be authenticated in said third step;

a seventh step of causing the intelligent interconnecting device to judge whether or not the source IP address of the external apparatus giving the access thereto is identical with the stored source IP address when this access is judged not to be the first access in said first step;

an eighth step of causing the intelligent interconnecting device to judge whether or not the source IP address is within a predetermined valid period when the source IP address of the external apparatus is judged to be identical with the stored source IP address in said seventh step;

a ninth step of determining the external apparatus having the source IP address which is judged to be within the predetermined valid period as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to execute the steps beginning from said second step, when the source IP address of the external apparatus is judged to be within the predetermined valid period in said eighth step; and

a tenth step of determining the external apparatus whose source IP address is judged to be non-identical or is judged to be not within the predetermined valid period as an apparatus not to be responded to thereafter by the intelligent interconnecting device, when the source IP address of the external apparatus is judged to be non-identical with the stored source IP address in said seventh step or is judged to be not within the predetermined valid period in said eighth step.

7. An unauthorized access avoiding program which is
executed in an intelligent interconnecting device 
having a function of repeating a packet which is 
transmitted/received between a plurality of comput- 
ers and being structured to be controllable by an 
external apparatus based on a TCP/IP protocol, 
preferably according to claim 5 or 6, wherein the 
program comprises: 

a first step of causing the intelligent intercon- 
necting device to judge whether or not a first 
access to the intelligent interconnecting device 
from outside has occurred; 

a second step of causing the intelligent inter- 
connecting device to carry out authentication 
processing by using a user identifier and a 
password based on the TCP/IP protocol when 
it is judged in said first step that the first access 
from outside has occurred; 

a third step of causing the intelligent intercon- 
necting device to judge after the authentication 
processing in said second step whether or not 
authentication is given; 

a fourth step of determining an authenticated 
external apparatus as an apparatus to be re- 
sponded to thereafter by the intelligent inter- 
connecting device and causing the intelligent 
interconnecting device to judge whether or not 
this access is the first access, when it is judged 
in said third step that the authentication is giv- 
en; 

a fifth step of causing the intelligent intercon- 
necting device to extract and store a source IP 
address included in a packet which is received 
from the external apparatus in the authentica- 
tion processing when this access of the exter- 
nal apparatus is judged to be the first access in 
said fourth step; 

a sixth step of determining the external appa- 
ratus as an apparatus not to be responded to 
thereafter by the intelligent interconnecting de- 
vice when the external apparatus is judged not 
to be authenticated in said third step; 

a seventh step of causing the intelligent interconnecting device to judge whether or not the source IP address of the external apparatus giving the access thereto is identical with the stored source IP address when this access is judged not to be the first access in said first step;

an eighth step of causing the intelligent interconnecting device to judge whether or not the source IP address is within a predetermined valid period when the source IP address of the external apparatus is judged to be identical with the stored source IP address in said seventh step;

a ninth step of determining the external apparatus having the source IP address which is judged to be within the predetermined valid period as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to execute the steps beginning from said second step, when the source IP address of the external apparatus is judged to be within the predetermined valid period in said eighth step; and

a tenth step of determining the external apparatus whose source IP address is judged to be non-identical or is judged to be not within the predetermined valid period as an apparatus not to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to store therein the source IP address of the external apparatus which is determined as the apparatus not to be responded to, when the source IP address of the external apparatus is judged to be non-identical with the stored source IP address in said seventh step or is judged to be not within the predetermined valid period in said eighth step.

8. An unauthorized access avoiding program which is executed in an intelligent interconnecting device having a function of repeating a packet which is transmitted/received between a plurality of computers and being structured to be controllable by an external apparatus based on a TCP/IP protocol, preferably according to any one of claims 5 to 7, wherein the program comprises:

a first step of causing the intelligent interconnecting device to judge whether or not a first access to the intelligent interconnecting device from outside has occurred;

a second step of causing the intelligent interconnecting device to carry out authentication processing by using a user identifier and a password based on the TCP/IP protocol when it is judged in said first step that the first access from outside has occurred;

a third step of causing the intelligent intercon- 
necting device to judge after the authentication 
processing in said second step whether or not 
authentication is given; 

a fourth step of determining an authenticated 
external apparatus as an apparatus to be re- 
sponded to thereafter by the intelligent inter- 
connecting device and causing the intelligent 
interconnecting device to judge whether or not 
this access is the first access, when it is judged 
in said third step that the authentication is giv- 
en; 

a fifth step of causing the intelligent intercon- 
necting device to extract and store a source IP 
address included in a packet which is received 
from the external apparatus in the authentica- 
tion processing when this access of the exter- 
nal apparatus is judged to be the first access in 
said fourth step; 

a sixth step of determining the external appa- 
ratus as an apparatus not to be responded to 
thereafter by the intelligent interconnecting de- 
vice when the external apparatus is judged not 
to be authenticated in said third step; 

a seventh step of causing the intelligent inter- 
connecting device to judge whether or not the 
source IP address of the external apparatus 
giving the access thereto is identical with the 
stored source IP address when this access is 
judged not to be the first access in said first 
step; 

an eighth step of causing the intelligent inter- 
connecting device to judge whether or not the 
source IP address is within a predetermined 
valid period when the source IP address of the 
external apparatus is judged to be identical with 
the stored source IP address in said seventh 
step; 

a ninth step of determining the external apparatus having the source IP address which is judged to be within the predetermined valid period as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to execute the steps beginning from said second step, when the source IP address of the external apparatus is judged to be within the predetermined valid period in said eighth step; and

a tenth step of determining the external appa- 
ratus whose source IP address is judged to be 
non-identical or is judged to be not within the 
predetermined valid period as an apparatus not 
to be responded to thereafter by the intelligent 
interconnecting device and causing the intelli- 
gent interconnecting device to notify a prede- 
termined managing computer of the source IP 
address of the external apparatus which is de- 
termined as the apparatus not to be responded 
to, when the source IP address of the external 
apparatus is judged to be non-identical with the 
stored source IP address in said seventh step 
or is judged to be not within the predetermined 
valid period in said eighth step. 

9. Program according to claim 7, characterized in 
that the program further comprises an eleventh 
step of causing the intelligent interconnecting de- 
vice to notify a predetermined managing computer 
of the source IP address of the external apparatus 
which is determined as the apparatus not to be re- 
sponded to in said tenth step. 

10. A recording medium in which a computer readable 
unauthorized access avoiding program executed in 
an intelligent interconnecting device having a func- 
tion of repeating a packet which is transmitted/re- 
ceived between a plurality of computers and being 
structured to be controllable by an external apparatus based on a TCP/IP protocol is recorded, wherein the program comprises:

a first step of causing the intelligent interconnecting device to judge whether or not a first access to the intelligent interconnecting device from outside has occurred;

a second step of causing the intelligent interconnecting device to carry out authentication processing by using a user identifier and a password based on the TCP/IP protocol when it is judged in the first step that the first access from outside has occurred;

a third step of causing the intelligent interconnecting device to judge after the authentication processing in the second step whether or not authentication is given;

a fourth step of determining an authenticated external apparatus as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to judge whether or not this access is the first access, when it is judged in the third step that the authentication is given;

a fifth step of causing the intelligent intercon- 
necting device to extract and store a source IP 
address included in a packet which is received 
from the external apparatus in the authentica- 
tion processing when this access of the exter- 
nal apparatus is judged to be the first access in 
the fourth step; 

a sixth step of determining the external appa- 
ratus as an apparatus not to be responded to 
thereafter by the intelligent interconnecting de- 
vice when the external apparatus is judged not 
to be authenticated in the third step; 

a seventh step of causing the intelligent inter- 
connecting device to judge whether or not the 
source IP address of the external apparatus 
giving the access thereto is identical with the 
stored source IP address when this access is 
judged not to be the first access in the first step; 

an eighth step of determining the external ap- 
paratus whose source IP address is judged to 
be identical with the stored source IP address 
as an apparatus to be responded to thereafter 
by the intelligent interconnecting device and 
causing the intelligent interconnecting device 
to process the steps beginning from the second 
step, when the source IP address of the exter- 
nal apparatus is judged to be identical with the 
stored source IP address in the seventh step; 
and 

a ninth step of determining the external appa- 
ratus whose source IP address is judged to be 
non-identical with the stored source IP address 
as an apparatus not to be responded to there- 
after by the intelligent interconnecting device 
when the source IP address of the external ap- 
paratus is judged to be non-identical with the 
stored source IP address in the seventh step. 

11. A recording medium in which a computer readable unauthorized access avoiding program executed in an intelligent interconnecting device having a function of repeating a packet transmitted/received between a plurality of computers and being structured to be controllable by an external apparatus based on a TCP/IP protocol is recorded, preferably according to claim 10, wherein the program comprises:

a first step of causing the intelligent intercon- 
necting device to judge whether or not a first 
access to the intelligent interconnecting device 
from outside has occurred; 






EP 1 274 212 A1 






a second step of causing the intelligent interconnecting device to carry out authentication processing by using a user identifier and a password based on the TCP/IP protocol when it is judged in the first step that the first access from outside has occurred;

a third step of causing the intelligent interconnecting device to judge after the authentication processing in the second step whether or not authentication is given;

a fourth step of determining an authenticated external apparatus as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to judge whether or not this access is the first access, when it is judged in the third step that the authentication is given;

a fifth step of causing the intelligent interconnecting device to extract and store a source IP address included in a packet which is received from the external apparatus in the authentication processing when this access of the external apparatus is judged to be the first access in the fourth step;

a sixth step of determining the external apparatus as an apparatus not to be responded to thereafter by the intelligent interconnecting device when the external apparatus is judged not to be authenticated in the third step;

a seventh step of causing the intelligent interconnecting device to judge whether or not the source IP address of the external apparatus giving the access thereto is identical with the stored source IP address when this access is judged not to be the first access in the first step;

an eighth step of causing the intelligent interconnecting device to judge whether or not the source IP address is within a predetermined valid period when the source IP address of the external apparatus is judged to be identical with the stored source IP address in the seventh step;

a ninth step of determining the external apparatus having the source IP address which is judged to be within the predetermined valid period as an apparatus to be responded to thereafter by the intelligent interconnecting device and causing the intelligent interconnecting device to execute the steps beginning from the second step, when the source IP address of the external apparatus is judged to be within the predetermined valid period in the eighth step; and

a tenth step of determining the external appa- 
ratus whose source IP address is judged to be 
non-identical or is judged to be not within the 
predetermined valid period as an apparatus not 
to be responded to thereafter by the intelligent 
interconnecting device, when the source IP ad- 
dress of the external apparatus is judged to be 
non-identical with the stored source IP address 
in the seventh step or is judged to be not within 
the predetermined valid period in the eighth 
step. 

12. A recording medium in which a computer readable 
unauthorized access avoiding program executed in 
an intelligent interconnecting device having a func- 
tion of repeating a packet transmitted/received be- 
tween a plurality of computers and being structured 
to be controllable by an external apparatus based 
on a TCP/IP protocol is recorded, preferably according to claim 10 or 11, wherein the program comprises:

a first step of causing the intelligent intercon- 
necting device to judge whether or not a first 
access to the intelligent interconnecting device 
from outside has occurred; 

a second step of causing the intelligent inter- 
connecting device to carry out authentication 
processing by using a user identifier and a 
password based on the TCP/IP protocol when 
it is judged in the first step that the first access 
from outside has occurred; 

a third step of causing the intelligent intercon- 
necting device to judge after the authentication 
processing in the second step whether or not 
authentication is given; 

a fourth step of determining an authenticated 
external apparatus as an apparatus to be re- 
sponded to thereafter by the intelligent inter- 
connecting device and causing the intelligent 
interconnecting device to judge whether or not 
this access is the first access, when it is judged 
in the third step that the authentication is given; 

a fifth step of causing the intelligent intercon- 
necting device to extract and store a source IP 
address included in a packet which is received 
from the external apparatus in the authentica- 
tion processing when this access of the exter- 
nal apparatus is judged to be the first access in 
the fourth step;

a sixth step of determining the external apparatus
as an apparatus not to be responded to
thereafter by the intelligent interconnecting de- 
vice when the external apparatus is judged not 
to be authenticated in the third step; 

a seventh step of causing the intelligent inter- 
connecting device to judge whether or not the 
source IP address of the external apparatus 
giving the access thereto is identical with the 
stored source IP address when this access is 
judged not to be the first access in the first step; 

an eighth step of causing the intelligent inter- 
connecting device to judge whether or not the 
source IP address is within a predetermined 
valid period when the source IP address of the 
external apparatus is judged to be identical with 
the stored source IP address in the seventh
step;

a ninth step of determining the external apparatus
having the source IP address which is
judged to be within the predetermined valid pe- 
riod as an apparatus to be responded to there- 
after by the intelligent interconnecting device 
and causing the intelligent interconnecting de- 
vice to execute the steps beginning from the 
second step, when the source IP address of the 
external apparatus is judged to be within the 
predetermined valid period in the eighth step; 
and 

a tenth step of determining the external appa- 
ratus whose source IP address is judged to be 
non-identical or is judged to be not within the 
predetermined valid period as an apparatus not 
to be responded to thereafter by the intelligent 
interconnecting device and causing the intelligent
interconnecting device to store therein the
source IP address of the external apparatus
which is determined as the apparatus not to be
responded to, when the source IP address of
the external apparatus is judged to be non-identical
with the stored source IP address in
the seventh step or is judged to be not within 
the predetermined valid period in the eighth 
step. 

13. A recording medium in which a computer readable
unauthorized access avoiding program executed in
an intelligent interconnecting device having a function
of repeating a packet transmitted/received between
a plurality of computers and being structured
to be controllable by an external apparatus based
on a TCP/IP protocol is recorded, preferably according
to any one of claims 10 to 12, wherein the
program comprises: 



a first step of causing the intelligent intercon- 
necting device to judge whether or not a first 
access to the intelligent interconnecting device 
from outside has occurred; 

a second step of causing the intelligent inter- 
connecting device to carry out authentication 
processing by using a user identifier and a 
password based on the TCP/IP protocol when 
it is judged in the first step that the first access
from outside has occurred; 

a third step of causing the intelligent intercon- 
necting device to judge after the authentication 
processing in the second step whether or not 
authentication is given; 

a fourth step of determining an authenticated 
external apparatus as an apparatus to be re- 
sponded to thereafter by the intelligent inter- 
connecting device and causing the intelligent 
interconnecting device to judge whether or not 
this access is the first access, when it is judged 
in the third step that the authentication is given; 

a fifth step of causing the intelligent intercon- 
necting device to extract and store a source IP 
address included in a packet which is received 
from the external apparatus in the authentica- 
tion processing when this access of the exter- 
nal apparatus is judged to be the first access in 
the fourth step; 

a sixth step of determining the external appa- 
ratus as an apparatus not to be responded to 
thereafter by the intelligent interconnecting de- 
vice when the external apparatus is judged not 
to be authenticated in the third step; 

a seventh step of causing the intelligent inter- 
connecting device to judge whether or not the 
source IP address of the external apparatus 
giving the access thereto is identical with the 
stored source IP address when this access is 
judged not to be the first access in the first step; 

an eighth step of causing the intelligent inter- 
connecting device to judge whether or not the 
source IP address is within a predetermined 
valid period when the source IP address of the 
external apparatus is judged to be identical with 
the stored source IP address in the seventh 
step; 

a ninth step of determining the external appa- 
ratus having the source IP address which is 
judged to be within the predetermined valid period
as an apparatus to be responded to thereafter
by the intelligent interconnecting device
and causing the intelligent interconnecting device
to execute the steps beginning from the
second step, when the source IP address of the
external apparatus is judged to be within the
predetermined valid period in the eighth step; 
and 

a tenth step of determining the external apparatus
whose source IP address is judged to be
non-identical or is judged to be not within the
predetermined valid period as an apparatus not
to be responded to thereafter by the intelligent
interconnecting device and causing the intelligent
interconnecting device to notify a predetermined
managing computer of the source IP
address of the external apparatus which is determined
as the apparatus not to be responded
to, when the source IP address of the external
apparatus is judged to be non-identical with the
stored source IP address in the seventh step or 
within the predetermined valid period in the 
eighth step. 

14. Recording medium according to claim 12, characterized
in that the program further comprises an
eleventh step of causing the intelligent interconnecting
device to notify a predetermined managing
computer of the source IP address of the external
apparatus which is determined as the apparatus not
to be responded to by the intelligent interconnecting 
device in the tenth step. 

15. Recording medium, preferably according to any one
of claims 10 to 14, characterized in that a program
according to any one of claims 5 to 9 is recorded on 
the recording medium. 

16. An intelligent interconnecting device having a function
of repeating a packet which is transmitted/received
between a plurality of computers and being
structured to be controllable by an external appara- 
tus based on a TCP/IP protocol, wherein the device 
comprises: 

a LAN trunk line interfacing section having an
interface function with a LAN trunk line;

a port interfacing section having an interface
function with a terminal connected thereto;

a storage section for storing a program and data
therein, and

a central controlling section for controlling operations
of said LAN trunk line interfacing section,
said port interfacing section, and said storage
section, wherein said central controlling
section executes the following steps:

to extract a source IP address included in 
a packet which is transmitted from an ex- 
ternal apparatus and store it in said storage 
section when an access from the external 
apparatus is authenticated through execu- 
tion of the TCP/IP protocol; 

to judge, when an access from an external
apparatus occurs thereafter, whether or 
not a source IP address of the external ap- 
paratus giving the access is identical with 
the stored source IP address; and 

to permit communication thereafter with 
the external apparatus having the source 
IP address identical with the stored trans- 
mitting end IP address only when the 
source IP address is judged to be identical 
with the stored source IP address. 

17. Device according to claim 16, characterized in 
that, when the source IP address is judged to be 
non-identical with the stored source IP address, 
said central controlling section registers the source 
IP address which is judged to be non-identical with 
the stored source IP address in an unauthorized ac- 
cess IP list. 

18. Device according to claim 16 or 17, characterized 
in that, when the source IP address is judged to be 
non-identical with the stored source IP address, 
said controlling section notifies an authenticated 
managing computer of the source IP address which 
is judged to be non-identical with the stored source 
IP address. 

19. Device according to any one of claims 16 to 18, 
characterized in that, when the source IP address 
is judged to be identical with the stored source IP 
address, said central controlling section judges 
whether or not the source IP address which is 
judged to be identical with the stored source IP ad- 
dress is within a valid period set in advance and per- 
mits communication thereafter between the exter- 
nal apparatus having the source IP address which 
is judged to be within the predetermined valid period 
and the intelligent interconnecting device only when 
it is judged to be within the valid period. 
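
The access decision of claims 16 to 19, as an added Python example that is not code from the patent. The class name, the `authenticate` and `notify` hooks, the valid period measured in seconds from the moment the address is stored, and the sample addresses and credential are assumptions.

```python
import hmac
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, List, Optional

PERMIT, DENY = "permit", "deny"


@dataclass
class ManagementAccessGuard:
    """Source-IP binding for a device's management interface (hypothetical name)."""
    authenticate: Callable[[str, str], bool]  # user identifier / password check
    notify: Callable[[str, str], None]        # hook to the managing computer (claim 18)
    valid_period_s: float                     # valid period set in advance (claim 19); seconds assumed
    bound_ip: Optional[str] = None            # stored source IP (claim 16)
    bound_at: float = 0.0                     # time at which the address was stored
    unauthorized_ips: List[str] = field(default_factory=list)  # unauthorized access IP list (claim 17)

    def _reject(self, src: str, reason: str) -> str:
        # Record the address once, report it, and refuse to respond.
        if src not in self.unauthorized_ips:
            self.unauthorized_ips.append(src)
        self.notify(src, reason)
        return DENY

    def handle_access(self, src_ip: str, user: str, password: str, now: float) -> str:
        try:
            src = str(ipaddress.ip_address(src_ip))  # normalise; malformed input is refused
        except ValueError:
            return DENY
        if src in self.unauthorized_ips:
            return DENY  # already determined as "not to be responded to"
        if self.bound_ip is not None:  # not the first access
            if src != self.bound_ip:
                return self._reject(src, "source IP differs from stored address")
            if now - self.bound_at > self.valid_period_s:
                # The tenth step also records an expired address; how a binding
                # is renewed is not stated in the claims and is not modelled here.
                return self._reject(src, "stored address outside valid period")
        # The IP check only gates access: password authentication still runs.
        if not self.authenticate(user, password):
            return DENY
        if self.bound_ip is None:  # first authenticated access: store the address
            self.bound_ip, self.bound_at = src, now
        return PERMIT


DEMO_USERS = {"admin": "correct-horse"}  # constructed credential for the demo


def demo_authenticate(user: str, password: str) -> bool:
    expected = DEMO_USERS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())


def demo():
    """Replay a constructed access sequence: (time, source IP, user, password)."""
    alerts = []
    guard = ManagementAccessGuard(
        demo_authenticate, lambda ip, why: alerts.append((ip, why)), 3600.0)
    accesses = [
        (0, "198.51.100.7", "admin", "guess"),           # wrong password, nothing stored
        (10, "192.0.2.10", "admin", "correct-horse"),    # first authenticated access, IP stored
        (20, "198.51.100.7", "admin", "correct-horse"),  # valid password, wrong source IP
        (30, "192.0.2.10", "admin", "correct-horse"),    # stored IP, inside valid period
        (4000, "192.0.2.10", "admin", "correct-horse"),  # stored IP, valid period elapsed
    ]
    decisions = [guard.handle_access(ip, u, p, t) for t, ip, u, p in accesses]
    return decisions, guard.unauthorized_ips, alerts


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The third access shows the point of the claims: a correct user identifier and password are refused when they arrive from an address other than the stored one, and that address is listed and reported.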

20. An intelligent interconnecting device having a func- 
tion of repeating a packet which is transmitted/re- 
ceived between a plurality of computers and being 
structured to be controllable by an external apparatus
based on a TCP/IP protocol, preferably according
to any one of claims 16 to 19, wherein the device
comprises:

a LAN trunk line interfacing section having an
interface function with a LAN trunk line;

a port interfacing section having an interface
function with a terminal connected thereto;

a storage section for storing a program and data
therein; and

a central controlling section for controlling operations
of said LAN trunk line interfacing section,
said port interfacing section, and said storage
section, wherein said central controlling
section executes the following steps:

a first step of causing the intelligent interconnecting
device to judge whether or not
a first access to the intelligent interconnecting
device from outside has occurred;

a second step of causing the intelligent interconnecting
device to carry out authentication
processing by using a user identifier
and a password based on the TCP/IP protocol
when it is judged in the first step that
the first access from outside has occurred;

a third step of causing the intelligent interconnecting
device to judge after the authentication
processing in the second step
whether or not authentication is given;

a fourth step of determining an authenticated
external apparatus as an apparatus to
be responded to thereafter by the intelligent
interconnecting device and causing
the intelligent interconnecting device to
judge whether or not this access is the first
access, when it is judged in the third step
that the authentication is given;

a fifth step of causing the intelligent inter- 
connecting device to extract and store a 
source IP address included in a packet 
which is received from the external apparatus
in the authentication processing
when this access of the external apparatus
is judged to be the first access in the fourth
step;

a sixth step of determining the external apparatus
as an apparatus not to be responded
to thereafter by the intelligent interconnecting
device when the external apparatus
is judged not to be authenticated in the
third step;

a seventh step of causing the intelligent interconnecting
device to judge whether or
not the source IP address of the external 
apparatus giving the access thereto is 
identical with the stored source IP address 
when this access is judged not to be the 
first access in the first step; 

an eighth step of determining the external 
apparatus whose source IP address is 
judged to be identical with the stored 
source IP address as an apparatus to be 
responded to thereafter by the intelligent 
interconnecting device and causing the in- 
telligent interconnecting device to process 
the steps beginning from the second step 
when the source IP address of the external 
apparatus is judged to be identical with the 
stored source IP address in the seventh 
step; and 

a ninth step of determining the external ap- 
paratus whose source IP address is judged 
to be non-identical with the stored source 
IP address as an apparatus not to be re- 
sponded to thereafter by the intelligent in- 
terconnecting device when the source IP 
address of the external apparatus is judged 
to be non-identical with the stored source 
IP address in the seventh step. 

21. An intelligent interconnecting device having a function
of repeating a packet which is transmitted/received
between a plurality of computers and being
structured to be controllable by an external apparatus
based on a TCP/IP protocol, preferably according
to any one of claims 16 to 20, wherein the device
comprises: 

a LAN trunk line interfacing section having an 
interface function with a LAN trunk line; 

a port interfacing section having an interface 
function with a terminal connected thereto; 

a storage section for storing a program and da- 
ta therein; and 

a central controlling section for controlling operations
of said LAN trunk line interfacing section,
said port interfacing section, and said storage
section, wherein said central controlling
section executes the following steps: 

a first step of causing the intelligent interconnecting
device to judge whether or not
a first access to the intelligent interconnecting
device from outside has occurred;

a second step of causing the intelligent interconnecting
device to carry out authentication
processing by using a user identifier
and a password based on the TCP/IP pro- 
tocol when it is judged in the first step that 
the first access from outside has occurred; 

a third step of causing the intelligent inter- 
connecting device to judge after the au- 
thentication processing in the second step 
whether or not authentication is given; 

a fourth step of determining an authenticat- 
ed external apparatus as an apparatus to 
be responded to thereafter by the intelli- 
gent interconnecting device and causing 
the intelligent interconnecting device to 
judge whether or not this access is the first 
access, when it is judged in the third step 
that the authentication is given; 

a fifth step of causing the intelligent inter- 
connecting device to extract and store a 
source IP address included in a packet 
which is received from the external appa- 
ratus in the authentication processing 
when this access of the external apparatus 
is judged to be the first access in the fourth
step; 

a sixth step of determining the external ap- 
paratus as an apparatus not to be respond- 
ed to thereafter by the intelligent intercon- 
necting device when the external appara- 
tus is judged not to be authenticated in the 
third step; 

a seventh step of causing the intelligent in- 
terconnecting device to judge whether or 
not the source IP address of the external 
apparatus giving the access thereto is 
identical with the stored source IP address
when this access is judged not to be the 
first access in the first step; 

an eighth step of causing the intelligent in- 
terconnecting device to judge whether or 
not the source IP address is within a pre- 
determined valid period when the source 
IP address of the external apparatus is 
judged to be identical with the stored
source IP address in the seventh step;

a ninth step of determining the external ap- 
paratus having the source IP address 
which is judged to be within the predetermined
valid period as an apparatus to be responded
to thereafter by the intelligent interconnecting
device and causing the intelligent
interconnecting device to execute
the steps beginning from the second step, 
when the source IP address of the external 
apparatus is judged to be within the prede- 
termined valid period in the eighth step; 
and 

a tenth step of determining the external ap- 
paratus whose source IP address is judged 
to be non-identical or is judged to be not 
within the predetermined valid period as an 
apparatus not to be responded to thereafter
by the intelligent interconnecting device,
when the source IP address of the external
apparatus is judged to be non-identical
with the stored source IP address in
the seventh step or is judged to be not with- 
in the predetermined valid period in the 
eighth step. 

22. An intelligent interconnecting device having a func- 
tion of repeating a packet which is transmitted/re- 
ceived between a plurality of computers and being 
structured to be controllable by an external apparatus
based on a TCP/IP protocol, preferably according
to any one of claims 16 to 21, wherein the device
comprises: 

a LAN trunk line interfacing section having an 
interface function with a LAN trunk line; 

a port interfacing section having an interface 
function with a terminal connected thereto; 

a storage section for storing a program and da- 
ta therein; and 

a central controlling section for controlling op- 
erations of said LAN trunk line interfacing sec- 
tion, said port interfacing section, and said stor- 
age section, wherein said central controlling 
section executes the following steps: 

a first step of causing the intelligent inter- 
connecting device to judge whether or not 
a first access to the intelligent interconnect- 
ing device from outside has occurred; 

a second step of causing the intelligent in- 
terconnecting device to carry out authenti- 
cation processing by using a user identifier 
and a password based on the TCP/IP protocol
when it is judged in the first step that
the first access from outside has occurred; 

a third step of causing the intelligent interconnecting
device to judge after the authentication
processing in the second step
whether or not authentication is given;

a fourth step of determining an authenticat- 
ed external apparatus as an apparatus to 
be responded to thereafter by the intelli- 
gent interconnecting device and causing 
the intelligent interconnecting device to 
judge whether or not this access is the first 
access, when it is judged in the third step 
that the authentication is given; 

a fifth step of causing the intelligent inter- 
connecting device to extract and store a 
source IP address included in a packet 
which is received from the external appa- 
ratus in the authentication processing 
when this access of the external apparatus 
is judged to be the first access in the fourth 
step; 

a sixth step of determining the external ap- 
paratus as an apparatus not to be respond- 
ed to thereafter by the intelligent intercon- 
necting device when the external appara- 
tus is judged not to be authenticated in the 
third step; 

a seventh step of causing the intelligent in- 
terconnecting device to judge whether or 
not the source IP address of the external 
apparatus giving the access thereto is 
identical with the stored source IP address 
when this access is judged not to be the 
first access in the first step; 

an eighth step of causing the intelligent in- 
terconnecting device to judge whether or 
not the source IP address is within a pre- 
determined valid period when the source 
IP address of the external apparatus is 
judged to be identical with the stored 
source IP address in the seventh step;

a ninth step of determining the external apparatus
having the source IP address
which is judged to be within the predetermined
valid period as an apparatus to be
responded to thereafter by the intelligent
interconnecting device and causing the intelligent
interconnecting device to execute
the steps beginning from the second step,
when the source IP address of the external
apparatus is judged to be within the predetermined
valid period in the eighth step; and

a tenth step of determining the external apparatus
whose source IP address is judged
to be non-identical or is judged to be not
within the predetermined valid period as an
apparatus not to be responded to thereafter
by the intelligent interconnecting device
and storing in said storage section the
source IP address of the external apparatus
which is determined as the apparatus
not to be responded to, when the source IP
address of the external apparatus is judged
to be non-identical with the stored source
IP address in the seventh step or is judged
to be not within the predetermined valid period
in the eighth step.

23. An intelligent interconnecting device having a function
of repeating a packet which is transmitted/received
between a plurality of computers and being
structured to be controllable by an external apparatus
based on a TCP/IP protocol, preferably according
to any one of claims 16 to 22, wherein the device
comprises:

a LAN trunk line interfacing section having an
interface function with a LAN trunk line;

a port interfacing section having an interface
function with a terminal connected thereto; 

a storage section for storing a program and da- 
ta therein; and 

a central controlling section for controlling op- 
erations of said LAN trunk line interfacing sec- 
tion, said port interfacing section, and said stor- 
age section, wherein said central controlling 
section executes the following steps: 

a first step of causing the intelligent inter- 
connecting device to judge whether or not 
a first access to the intelligent interconnect- 
ing device from outside has occurred; 

a second step of causing the intelligent in- 
terconnecting device to carry out authenti- 
cation processing by using a user identifier 
and a password based on the TCP/IP pro- 
tocol when it is judged in the first step that 
the first access from outside has occurred; 

a third step of causing the intelligent inter- 
connecting device to judge after the au- 
thentication processing in the second step 
whether or not authentication is given; 

a fourth step of determining an authenticat- 
ed external apparatus as an apparatus to 
be responded to thereafter by the intelli- 
gent interconnecting device and causing 
the intelligent interconnecting device to
judge whether or not this access is the first 
access, when it is judged in the third step 
that the authentication is given; 

a fifth step of causing the intelligent inter- 
connecting device to extract and store a 
source IP address included in a packet 
which is received from the external appa- 
ratus in the authentication processing 
when this access of the external apparatus 
is judged to be the first access in the fourth 
step; 

a sixth step of determining the external ap- 
paratus as an apparatus not to be respond- 
ed to thereafter by the intelligent intercon- 
necting device when the external appara- 
tus is judged not to be authenticated in the 
third step; 

a seventh step of causing the intelligent in- 
terconnecting device to judge whether or 
not the source IP address of the external 
apparatus giving the access thereto is 
identical with the stored source IP address 
when this access is judged not to be the 
first access in the first step; 

an eighth step of causing the intelligent in- 
terconnecting device to judge whether or 
not the source IP address is within a pre- 
determined valid period when the source 
IP address of the external apparatus is 
judged to be identical with the stored 
source IP address in the seventh step; 

a ninth step of determining the external ap- 
paratus having the source IP address 
which is judged to be within the predeter- 
mined valid period as an apparatus to be 
responded to thereafter by the intelligent 
interconnecting device and causing the in- 
telligent interconnecting device to execute 
the steps beginning from the second step, 
when the source IP address of the external 
apparatus is judged to be within the prede- 
termined valid period in the eighth step; 
and 

a tenth step of determining the external ap- 
paratus whose source IP address is judged 
to be non-identical or is judged to be not 
within the predetermined valid period as an 
apparatus not to be responded to thereafter
by the intelligent interconnecting device
and notifying a predetermined managing
computer of the source IP address of the
external apparatus which is determined as
the apparatus not to be responded to,
when the source IP address of the external
apparatus is judged to be non-identical
with the stored source IP address in the
seventh step or is judged to be not within
the predetermined valid period in the 
eighth step. 

24. Device according to claim 22, characterized in
that said central controlling section executes an
eleventh step of notifying a predetermined managing
computer of the source IP address of the external
apparatus which is determined as the apparatus
not to be responded to in the tenth step.

25. A LAN system comprising an intelligent interconnecting
device having a function of repeating a
packet which is transmitted/received between a plurality
of computers and being structured to be controllable
by an external apparatus based on a TCP/IP
protocol, the intelligent interconnecting device
being connected to a LAN trunk line while the plurality
of computers being connected to the intelligent
interconnecting device, wherein said intelligent
interconnecting device is designed according
to any one of claims 16 to 24.

5. □ This Notification is issued without a search having been conducted,
☒ This Notification is issued with a search having been conducted.

☒ The following reference documents have been cited in this office action (their serial numbers
will be referred to in the ensuing examination procedure):

Serial No. | Reference document (Number or Title) | Publication Date (or Filing date of interference patent applications)
1 | EP1274212A1 | 08 day 01 month 2003 year


6. The result of the examination is as follows:
☒ Description:

□ The subject matter of the application falls into the scope on which no patent rights shall be
granted as provided by Article 5 of the Chinese Patent Law.

□ The description is not in conformity with the provisions of Article 26(3) of the Chinese
Patent Law.

The description is not in conformity with the provisions of Rule 18 of the Implementing
Regulations of the Chinese Patent Law.

☒ Claims:

☒ Claims 7-12 falls into the scope on which no patent rights shall be granted,
as provided by Article 25 of the Chinese Patent Law.

□ Claim is not in conformity with the definition of invention as prescribed by Rule
2(1) of the Implementing Regulations of the Chinese Patent Law.

□ Claim does not possess novelty as provided by Article 22(2) of the Chinese
Patent Law.

☒ Claims 1. 6 does not possess inventiveness as provided by Article 22(3) of the
Chinese Patent Law.

□ Claim does not possess practical applicability as provided by Article 22(4) of
the Chinese Patent Law.

☒ Claim 2 is not in conformity with the provisions of Article 26(4) of the Chinese
Patent Law.

□ Claim is not in conformity with the provisions of Article 31(1) of the Chinese
Patent Law.

Claims 3. 4 is not in conformity with the provisions of Rule 20 of the Implementing
Regulations of the Chinese Patent Law.

□ Claim is not in conformity with the provisions of Article 9 of the Chinese Patent
Law.

□ Claim is not in conformity with the provisions of Rule 12(1) of the Implementing
Regulations of the Chinese Patent Law.

The detailed reasoning for the above opinion is described in the text of this office action.

7. On the basis of the above opinion, the examiner holds that: 

□ The applicant should make amendments as required in the text of this office action. 

The applicant should provide reasons for that the above mentioned patent application can be
granted patent right, and make amendments to the specification as described in the text of this
office action; otherwise the patent right shall not be granted.

□ The patent application does not possess any substantive contents for which patent right may be
granted, if the applicant fails to provide reasons or the reasons provided are not sufficient, this
application will be rejected.

8. The applicant's attention is drawn to the following matters: 

(1) In accordance with the provisions of Article 37 of the Chinese Patent Law, the applicant shall 
submit a response within four months from the date of receiving this office action. If the 
applicant fails to meet the time limit without any justified reason, the application shall be 
deemed to have been withdrawn. 

(2) The amendment made by the applicant shall be in conformity with the provisions of Article 33 
of the Chinese Patent Law. The amendment shall be submitted in duplicate copies and in the 
format required by the relevant provisions of the Examination Guideline. 

(3) The applicant's response and/or amended documents shall be mailed or submitted to the 
Receiving Department of the Chinese Patent Office. Documents which are not mailed or 
submitted to the Receiving Department do not possess legal effect. 

(4) The applicant and/or his(its) agent shall not come to the Chinese Patent Office for interview 
with the examiner without an appointment. 

9. The text of this office action consists of a total of 2 sheets, and is accompanied by the following annexes: 
☒ A copy of the cited reference documents consisting of 1 set and 22 sheets

The Seal of the Examiner: Rui PENG